Displaying 20 results from an estimated 7000 matches similar to: "LOG:warning"
2010 Feb 12
5
rate limiting
Hi,
I am using squid as a transparent proxy. I have added these 3 lines to my rules file
ACCEPT $FW net tcp www
ACCEPT loc $FW tcp 8080
REDIRECT loc 8080 tcp www - !192.168.100.2
I want to limit the number of connections that are made from every PC on the network to the proxy server. If I change the 2nd rule to
ACCEPT loc $FW tcp 8080
2010 Feb 16
3
isusable/swping script
Hi
I'm trying to monitor my multi ISP shorewall with swping, the script
works fine, I can see in the log when an ISP is down, the script restarts
shorewall and /etc/shorewall/isusable is called, however in the swping
log after the shorewall restart I see again a route by ISP (even the ISP
down), is it normal? Should I not see one route less?
shorewall version 4.4.5.4-1.
****
2011 Aug 23
8
problems configuring shorewall in proxmox pve (debian5)
hello
before asking my question I come
My name is Santiago and I'm from Spain but I'm in Colombia
I followed this guide:
https://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html
but when I run shorewall check, this error occurs:
Checking...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
ERROR: Invalid
2010 Jan 21
6
Shorewall 4.4.6 and Multiple ISP with 2 routed subnets
Hello,
I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall I have 2 network segments (lan1 and lan2) with public IP addresses. The segments are completely isolated from each other: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect
2010 Aug 10
1
kvm with bridged network
hi,
we like to use our server to host many guest systems. We use these guests
as tests for our product testing which can be installed through PXE
install (we reinstall these guests very often). Unfortunately it's not
possible to use routed network with PXE boot, so we _need_ bridged setup
kvm with config as described in:
2013 Jun 13
3
"Multiple Internet Connections" with four interfaces
Hi,
I was reading document http://shorewall.net/MultiISP.html#idp3634200.
Inspired by the document I was trying to establish the following changes:
* one additional interface: COMA_IF
* COM[A,B,C]_IF interfaces request IP address via DHCP
* all non-RFC 1918 destined traffic is NATed from INT_IF to COMA_IF
* all non-RFC 1918 destined traffic from GW is routed via COMB_IF by default
* non-RFC 1918
2010 Nov 23
4
ERROR: Duplicate Host Group
Hello,
This is using version 4.4.11.3 (Debian).
The following error occurs:
ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc :
The configuration is a test config. Commented lines removed to keep
it clear:
# cat zones
fw firewall
loc ipv4
# cat interfaces
loc eth1 -
# cat hosts
loc eth1:10.128.23.34/16
# cat policy
all all ACCEPT
2009 Dec 14
2
Manual Chains Knock.pm DNAT-
I am attempting to use the Knock.pm from
http://www.shorewall.net/ManualChains.html
I am not having much luck making the DNAT- knock work for some reason.
Anyone else using this on 4.4.4 that can verify if this still works as
documented?
Thanks
2010 Oct 21
10
KVM and bridge
An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM
virtual servers on the default libvirt virbr0 bridge at the default
vnet+ bridge ports. The bridge and ports are on a separate private
subnet (192.168.122.0/24). Each bridge port and the bridge itself are
in the dmz, there are two physical interfaces and private local
subnets in loc, and
2010 Jul 28
4
Re: Shorewall-users Digest, Vol 50, Issue 25
On 28/07/2010 15:45, shorewall-users-request@lists.sourceforge.net wrote:
> On 7/28/10 1:50 AM, Andrea Perdicchia wrote:
>
>> > Hi all,
>> > Is possible log mac address in shorewall?
>> > I try all configuration "debug,info..." in /etc/shorewall/shorewall.conf
>> > but in /var/log/messages the log show only few information and not mac
2010 Nov 08
15
Can I use Shorewall stuff for my problem
Hi all, I'm new to Shorewall, can anyone guide me whether I can use
Shorewall for my work.
I have a requirement in our work:
Each system shall have two Ethernet card interfaces(system means hardware
devices, servers, clients in other words any device or host used in the
project). The IP address of each interface will be of different networks,
subnets and gateways completely. Because if one of
2010 Sep 07
3
Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?
Hi,
I have recently installed shorewall with a very simple rules configuration,
----------------------------------
#SECTION RELATED
SECTION NEW
Ping/ACCEPT all $FW
Trcrt/ACCEPT all $FW
SSH/ACCEPT all $FW
ACCEPT net $FW tcp http
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-----------------------------------------
and I have no
2013 Jun 20
2
Trap and Log With Shorewall
There are massive attacks on a specific port, I want to trap and log just the source IP to this port. Is there any way to do so with shorewall? Thanks.
Willy Mularto
sangprabv@gmail.com
2009 Dec 17
4
Shorewall time element rules never work?
Hi all,
I try to use shorewall rules with a time element but it never works, the
rule looks like this
HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz&timestart=20:00&timestop=20:10&weekdays=Mon,Tue,Wed,Thu,Fri
This rule is to block https access to the facebook site at working hours & days
My system is Debian lenny, shorewall 4.4.4.2 kernel
2009 Dec 18
2
Rules only active after using tcpdump in promiscuous mode
Hi!
I have a strange problem with shorewall on one of our routers. When I
configure a rule like
ACCEPT loc:192.x.x.x net tcp 80
this rule will only work if I do a
tcpdump -i all port 80
After doing the tcpdump the client rule works. When I don't use tcpdump
before, the connection will be refused.
Best regards,
Kai.
2011 Oct 25
6
two interfaces with private Ip (rfc1918) on both side and dhcp issue
Hello all,
I'm using shorewall on a linux machine that has two interfaces, eth0
being connected on the internal network (10.10.10.0/24) and eth1 being
connected to the external network.
On eth0 the IP is statically configured to 10.10.10.254 and there is a
dhcp server running for the machines in the private network.
On eth1, the IP is dynamically assigned by my ISP modem that acts as
2009 Dec 26
2
Connection tracking, DNAT, and boot sequence
Greetings shorewall users,
I'm running into a problem and hoping someone might have a simple idea
how to fix it.
I have shorewall configured on a linux fw with 2 port DNAT rules to an
internal server for openvpn from external clients. Everything works fine
there.
I have a problem when the fw is rebooted however. When it comes back up,
interfaces are brought up before shorewall is
2012 Oct 08
3
Shorewall 4.5.8 IPSEC in a multi-ISP configuration
Hi,
I'm using IPSEC in a multi-ISP configuration,
lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0
This worked fine with Shorewall/Shorewall-Lite 4.5.7.
After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work.
If I change the Providers.pm file and add connmark => "! --mark
0/$mask" like before in Shorewall 4.5.7 then everything works fine.
add_ijump
2011 Jun 21
2
Re: [Fwd: Re: routestopped 4.2 to 4.4]
Le mardi 21 juin 2011 15:32, Tom Eastep a écrit :
> -------- Forwarded Message --------
> From: Tom Eastep <teastep@shorewall.net>
> Reply-to: Shorewall Users <shorewall-users@lists.sourceforge.net>
> To: Shorewall Users <shorewall-users@lists.sourceforge.net>
> Subject: Re: [Shorewall-users] routestopped 4.2 to 4.4
> Date: Mon, 20 Jun 2011 13:37:02 -0700
>
2010 Feb 16
0
Traffic Shaping on a machine that isn't just a firewall
Hi,
I'm using Shorewall 4.2.10 in Ubuntu 9.10, and I tried to set up some
Traffic Shaping in my network since I share it with my brother and
he's using more than he should.
Since this is an old version, I'm using TC_ENABLED=Internal.
Everything is working nicely except for the localhost. It falls under
the "default" class, and I don't know how to